From acc404606c0b0c046ecb0a976ff4f68f2f0d6632 Mon Sep 17 00:00:00 2001 From: sutantodadang Date: Sun, 26 Dec 2021 12:13:13 +0700 Subject: [PATCH 1/2] stash --- controllers/v1/user.js | 2 ++ middleware/auth.js | 23 ++++++++++++++--------- models/crowdfundings.js | 8 ++++---- models/user.js | 36 +++++++++++++++++++----------------- 4 files changed, 39 insertions(+), 30 deletions(-) diff --git a/controllers/v1/user.js b/controllers/v1/user.js index 5c0b29f..d8cced8 100644 --- a/controllers/v1/user.js +++ b/controllers/v1/user.js @@ -16,6 +16,8 @@ module.exports = { login: async (req, res) => { try { + if (!req.body.email || !req.body.password) + res.status(400).json({ message: "Please Input Email/Password" }); const user = await User.cekUser(req.body.email, req.body.password); const token = await user.generateAuthToken(); diff --git a/middleware/auth.js b/middleware/auth.js index 6c2ff78..ff04041 100644 --- a/middleware/auth.js +++ b/middleware/auth.js @@ -1,22 +1,27 @@ -const jwt = require('jsonwebtoken'); -const User = require('../models/user'); +const jwt = require("jsonwebtoken"); +const User = require("../models/user"); const auth = async (req, res, next) => { try { - const token = req.header('Authorization').replace('Bearer ', ''); - const decoded = jwt.verify(token, process.env.SECRET); - const user = await User.findOne({ _id: decoded._id, 'tokens.token': token }); + const header = req.header("Authorization"); + const token = header.split(" "); - if (!user) { - throw new Error('User tidak ditemukan!'); - } + if (token[0] != "Bearer") throw new Error("Invalid Format"); + + const decoded = jwt.verify(token[1], process.env.SECRET); + const user = await User.findOne({ + _id: decoded._id, + "tokens.token": token, + }); + + if (!user) throw new Error("User Not Found"); req.token = token; req.user = user; next(); } catch (error) { - res.status(401).send({ message: 'Anda belum login!' }); + res.status(401).send({ message: "Anda Belum Login" }); } }; 
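Review bot: In `login` (controllers/v1/user.js), the new 400 branch has no `return`, so when the email or password is missing the handler still falls through to `User.cekUser(...)` after the response has been sent. Whatever the rest of the try/catch then sends is written to an already finished response. Make it `if (!req.body.email || !req.body.password) return res.status(400).json({ message: "Please Input Email/Password" });`. The truthiness test also lets non-string values such as objects through, so a `typeof ... !== "string"` check here would reject malformed bodies before they reach the model. The rest of `login` lies outside the hunk.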
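Review bot: In `auth` (middleware/auth.js), `token` is now the array returned by `header.split(" ")`, yet it is still passed whole as `"tokens.token": token` and stored in `req.token`; only `jwt.verify` was switched to `token[1]`. The session lookup therefore no longer compares the stored token with the presented JWT string, and how the array is matched depends on Mongoose query casting, which an authentication check should not rest on. Destructure instead, `const [scheme, token] = header.split(" ");` with `if (scheme !== "Bearer" || !token) throw new Error("Invalid Format");`, and pass `token` to `jwt.verify`, the query and `req.token`. Any later code that compares `req.token` with a stored string (a logout handler, for instance) would also be affected, though none is visible here.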
diff --git a/models/crowdfundings.js b/models/crowdfundings.js index 4173599..566b43f 100644 --- a/models/crowdfundings.js +++ b/models/crowdfundings.js @@ -1,14 +1,14 @@ -const mongoose = require('mongoose'); +const mongoose = require("mongoose"); const crowdfundingsSchema = new mongoose.Schema({ title: { type: String, - required: true, + required: [true, "Must Have Title"], trim: true, }, category: { type: String, - required: true, + required: [true, "Must Have Category"], trim: true, }, thumbnail: { @@ -42,6 +42,6 @@ const crowdfundingsSchema = new mongoose.Schema({ }, }); -const Crowdfundings = mongoose.model('crowdfundings', crowdfundingsSchema); +const Crowdfundings = mongoose.model("crowdfundings", crowdfundingsSchema); module.exports = Crowdfundings; diff --git a/models/user.js b/models/user.js index d3b9e01..bb4af08 100644 --- a/models/user.js +++ b/models/user.js @@ -1,33 +1,33 @@ -const mongoose = require('mongoose'); -const bcryptjs = require('bcryptjs'); -const validator = require('validator'); -const jwt = require('jsonwebtoken'); +const mongoose = require("mongoose"); +const bcryptjs = require("bcryptjs"); +const validator = require("validator"); +const jwt = require("jsonwebtoken"); const userSchema = new mongoose.Schema({ - nama: { + name: { type: String, - required: true, + required: [true, "User Must Have Name"], trim: true, }, email: { type: String, - required: true, - unique: true, + required: [true, "User Must Have Email"], + unique: [true, "Email Already Exist"], trim: true, lowercase: true, validate(value) { if (!validator.isEmail(value)) { - throw { message: 'Email tidak sah!' }; + throw { message: "Email tidak sah!" }; } }, }, password: { type: String, - required: true, + required: [true, "User Must Have Password"], trim: true, validate(value) { if (!validator.isLength(value, { min: 6 })) { - throw { message: 'Password minimal 6 karakter!' }; + throw { message: "Password minimal 6 karakter!" }; } }, }, 
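Review bot: In the `email` field of `userSchema` (models/user.js), `unique: [true, "Email Already Exist"]` uses the `[value, message]` form that Mongoose supports for validators such as `required`, but `unique` is an index option and not a validator. The message will not be reported for a duplicate e-mail; a duplicate surfaces as a MongoDB duplicate-key error (code 11000) from `save()`, and it is worth confirming that the unique index is still built when the option is an array. Keep `unique: true` and map the 11000 error to the "Email Already Exist" response in the controller. The same hunk renames `nama` to `name`, so existing documents and clients that still send `nama` will fail the new `required` check unless they are migrated. The schema definition continues outside the hunk.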
@@ -35,7 +35,7 @@ const userSchema = new mongoose.Schema({ { token: { type: String, - required: true, + required: [true, "Please Give The Token"], }, }, ], @@ -52,29 +52,31 @@ userSchema.methods.generateAuthToken = async function () { }; userSchema.statics.cekUser = async (email, pass) => { + if (!validator.isEmail(email)) throw { message: "Email Not Valid!" }; + const user = await User.findOne({ email }); if (!user) { - throw { message: 'Email sudah terdaftar!' }; + throw { message: "Email sudah terdaftar!" }; } const matchPass = await bcryptjs.compare(pass, user.password); if (!matchPass) { - throw { message: 'Password salah!' }; + throw { message: "Password salah!" }; } return user; }; -userSchema.pre('save', async function (next) { +userSchema.pre("save", async function (next) { const user = this; - if (user.isModified('password')) { + if (user.isModified("password")) { user.password = await bcryptjs.hash(user.password, 8); } next(); }); -const User = mongoose.model('User', userSchema); +const User = mongoose.model("User", userSchema); module.exports = User; From 589aac520fece5418eafb565b288495854233216 Mon Sep 17 00:00:00 2001 From: sutantodadang Date: Mon, 27 Dec 2021 23:14:14 +0700 Subject: [PATCH 2/2] fix : validasi body --- controllers/v1/crowdfundings.js | 10 ++++++++-- middleware/auth.js | 6 ++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/controllers/v1/crowdfundings.js b/controllers/v1/crowdfundings.js index f50d361..e34bad4 100644 --- a/controllers/v1/crowdfundings.js +++ b/controllers/v1/crowdfundings.js 
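Review bot: `cekUser` in models/user.js (the `@@ -52,29 +52,31 @@` hunk) now has three distinguishable failures, "Email Not Valid!", "Email sudah terdaftar!" and "Password salah!", so a caller can tell whether an address has an account if the controller relays these messages. The second message also says the e-mail is already registered, although that branch runs when no user was found. Throw one generic message for both the missing-user and the wrong-password case, e.g. `throw { message: "Invalid email or password" };`. `validator.isEmail` throws a `TypeError` on non-string input, which keeps operator objects out of `findOne({ email })` but does not have the `{ message }` shape the other branches use; an explicit `typeof email !== "string"` guard before it would make that rejection deliberate.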
@@ -21,13 +21,19 @@ module.exports = { }, crowdfundingsEdit: async (req, res) => { try { + if (!req.params.id) res.status(400).json({ message: "Id Required" }); + + if (!req.body) res.status(400).json({ message: "body Required" }); + const crowd = await Crowd.findOneAndUpdate( { _id: req.params.id }, - req.body + req.body, + { new: true } ); + res.send({ crowd, msg: "Berhasil diubah!" }); } catch (error) { - res.send(error); + res.status(400).json({ message: error }); } }, }; diff --git a/middleware/auth.js b/middleware/auth.js index ff04041..95d2afd 100644 --- a/middleware/auth.js +++ b/middleware/auth.js @@ -1,4 +1,5 @@ const jwt = require("jsonwebtoken"); +const { HttpStatusCode } = require("../constant/httpStatusCodes"); const User = require("../models/user"); const auth = async (req, res, next) => { @@ -20,8 +21,9 @@ const auth = async (req, res, next) => { req.user = user; next(); - } catch (error) { - res.status(401).send({ message: "Anda Belum Login" }); + } catch (err) { + // res.status(401).send({ message: "Anda Belum Login" }); + next({ status: HttpStatusCode.FORBIDDEN }); } };
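Review bot: In `crowdfundingsEdit` (controllers/v1/crowdfundings.js), `req.body` is passed unfiltered as the update document to `findOneAndUpdate`, so a client can change any schema field or send update operators, and update validators are not enabled, so the `required` messages added to the schema are not enforced on this path. Build the update from an explicit list of editable fields and use `{ new: true, runValidators: true }`. The two new guard lines lack `return` (`if (!req.params.id) return res.status(400).json({ message: "Id Required" });`), so execution continues into the update after the 400 was sent. `res.status(400).json({ message: error })` returns the raw error object to the client; send a fixed message and log the error server-side. No ownership check on the edited document is visible in this hunk, which is worth confirming in the route or middleware.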
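Review bot: The `catch` in `auth` (middleware/auth.js, `@@ -20,8 +21,9 @@` hunk) now reports every failure, whether a missing header, a bad format, an invalid or expired JWT or an unknown user, as `HttpStatusCode.FORBIDDEN`, although these are authentication failures that the removed line answered with 401. Clients and monitoring commonly use 401 to trigger re-login and 403 to signal a permission problem, so keep 401 here, e.g. `next({ status: 401, message: "Anda Belum Login" });`. The response now depends on an error-handling middleware that this patch does not show; confirm that it handles a plain object that is not an `Error` and does not echo internals to the client. The commented-out `res.status(401)` line should be deleted, not kept.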